In fighting fraud, the only constant is change

By Anthony Scriffignano

Oct 22, 2018

Fraud and malfeasance take an enormous toll on government programs, impacting taxpayers and the millions of constituents served by federal programs. Agencies reported in fiscal year 2017 that they uncovered more than $8.7 billion in confirmed fraud in their programs. Most experts agree, however, this figure vastly underreports the actual amount of fraud because so much goes undetected.

The government understandably assigns a high priority to combatting fraud -- six of the top 10 management and performance challenges facing the Department of Health and Human Services have a counterfraud component. These challenges include ensuring integrity in the Medicaid and Medicare as well as in managed care and private insurance programs, addressing the opioid epidemic, improving financial management and curbing improper payments. Likewise, the IRS views fraud as its second most important management and performance challenge, only topped by data security. Nearly every federal agency that contracts with vendors or provides grants to recipients sees preventing fraud as a top challenge.

The most pressing challenge agencies currently have in bolstering their counterfraud efforts is the pace of change in the schemes they confront. As with cyber threats, fraud tactics are continuously morphing and growing ever more sophisticated. Advancing technologies such as artificial intelligence, blockchain and the internet of things will dramatically accelerate the pace of fraud and broaden the methods available to malefactors. This situation leaves government anti-fraud teams playing “catch up” and suggests that merely chasing these problems will leave “the good guys” increasingly further behind. The task is further complicated by legal considerations -- such as data privacy, permissible use and data purge requirements -- which obviously don't constrain the "bad guys."

For example, one of the fastest growing and most dynamic varieties of fraud is business identity theft, in which criminals impersonate legitimate businesses to improperly claim benefits or payments. A few government agencies, such as the IRS, have been aware of the scope of this phenomenon for years. The Treasury Inspector General for Tax Administration found that 277,624 stolen employer identification numbers were used during the 2011 tax year to report income and withholding on 752,656 tax returns, with potentially fraudulent refunds totaling more than $2.2 billion. Moreover, TIGTA estimated at that time that the IRS could issue almost $2.3 billion in potentially fraudulent tax refunds based on these EINs yearly, or about $11.4 billion over the next five years.

Since then, business identity theft has only accelerated. In 2017, incidents were up 46 percent over the previous year. In 2016, the IRS logged 4,000 business identity theft cases, which grew to more than 10,000 in 2017 -- with damages measured in the hundreds of millions of dollars. This trend is now the focus of several federal regulatory and law enforcement agencies, including the Federal Trade Commission, the Small Business Administration, the U.S. Postal Inspection Service and the Federal Communications Commission.

The increasing prevalence of business identity theft illustrates a larger problem: the growing complexity of fraud schemes today. Fraudsters are smart, resilient and able to adapt to the convergence of disruptive technologies. Furthermore, data breaches and propagation of malware toolkits are expanding the resources available for malefactors to construct new ways of perpetrating fraud. Detecting these new fraud schemes is not like trying to find a needle in a haystack -- it is like trying to find the right needle in a stack of needles.

While the range of fraudulent tactics is constantly changing, the government’s capacity to analyze information and automate fraud mitigation processes also continues to evolve. Ultimately, the best strategy for combating fraud across the federal government requires an agile and proactive approach that is deliberate and intentional, customized to agency needs and vigilant for changes in an ever-shifting landscape. Now more than ever it is incumbent on government agencies to invest the time and resources in risk assessments, vulnerability studies, internal skill improvement and data analytics to make increasingly informed decisions about susceptibility to fraud.